Research And Implementation Of Multi-task Deep Learning For Malicious Traffic Identification

In recent years,with the rapid development of network technology,the malicious traffic spread on the network has also shown a rapid growth trend.These malicious traffic seriously threaten network security.Therefore,in-depth research on the identification of malicious traffic is crucial to the field of network security.Compared with machine learning,deep learning has a qualitative leap in both the amount of computation and the depth of computation,and it has far surpassed classic machine learning methods in many fields,including speech,natural language,vision,etc.Single-task deep learning models have been widely used to solve traffic classification problems.However,if the amount of data in a task is limited or high-dimensional,it may be difficult for the model to distinguish between relevant and irrelevant features,resulting in poor model performance.In order to solve this challenge,we reconstructed the classification of malicious traffic as a multi-task learning framework in which traffic duration,bandwidth occupancy rate,and malicious traffic category can be predicted.The multi-task deep learning model uses traffic duration and bandwidth occupancy rate prediction as auxiliary tasks,and malicious traffic classification as the main task.When the model is trained,the information learned in the auxiliary tasks can be used in the main task.The correlation between each other promotes the learning effect of each task.The two auxiliary tasks set up in this paper are useful in many applications,including routing,resource allocation and Qo S management.This paper proposes a data preprocessing scheme,extracts 19 network traffic characteristics,and builds a multi-task-based deep learning framework for malicious traffic identification.Then based on the CIC-DDo S2019 and CIC-IDS2017 data sets of the Canadian Institute of Cyber Security of the University of New Brunswick,the results show that compared with the single-task deep learning model to solve the problem of malicious traffic identification,the multi-task depth proposed in this article The learning model has a great improvement in recognition performance.Finally,this article designs and implements a malicious traffic monitoring system based on the trained multi-task deep learning model.(1)A feature extraction algorithm for malicious traffic based on two-way flow is proposed;(2)A multi-task learning framework based on malicious traffic classification is proposed,and a multi-task deep learning model is constructed based on the CIC-DDo S2019 and CIC-IDS2017 datasets of the Canadian Institute of Cyber Security of the University of New Brunswick,and is compared with the single-task deep learning model.The learning model is used for control experiments,and the experimental conclusions verify that the multi-task learning framework based on malicious traffic classification proposed in this article can improve the performance of malicious traffic identification;(3)A framework for a malicious traffic monitoring system is proposed,and a malicious traffic monitoring system based on multi-task deep learning is implemented.